libarchive (3.1.2-11+deb8u3) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2016-7166: Denial of service using a crafted gzip file * CVE-2016-6250: Integer overflow in the ISO9660 writer * CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite (Closes: #837714) -- Salvatore Bonaccorso Sat, 24 Sep 2016 13:25:26 +0200 libarchive (3.1.2-11+deb8u2) jessie-security; urgency=high * CVE-2015-8916, CVE-2015-8917, CVE-2015-8919-CVE-2015-8926, CVE-2015-8928, CVE-2015-8930-CVE-2015-8934, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5844. Backports thanks to Marc Deslauriers. -- Moritz Mühlenhoff Thu, 25 Aug 2016 19:36:11 +0200 libarchive (3.1.2-11+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2016-1541: heap-based buffer overflow due to improper input validation (Closes: #823893) -- Salvatore Bonaccorso Tue, 10 May 2016 07:00:10 +0200 libarchive (3.1.2-11) unstable; urgency=medium * Add d/p/Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch (Closes: #778266) -- Andreas Henriksson Thu, 05 Mar 2015 14:54:43 +0100 libarchive (3.1.2-10) unstable; urgency=medium * Add d/p/Do-not-overwrite-file-size-if-the-local-file-header-.patch - cherry-picked from upstream git commit e234932de2474c4f99787 Thanks to Maximiliano Curia (Closes: #769290) -- Andreas Henriksson Thu, 20 Nov 2014 21:10:43 +0100 libarchive (3.1.2-9) unstable; urgency=medium [ Andreas Henriksson ] * Drop Andres Mejia from Uploaders by request of MIA (Closes: #743538) [ Breno Leitao ] * Use dh-autoreconf for the benefit of ppc64el (Closes: #750483) [ Andreas Henriksson ] * Bump Standards-Version to 3.9.5 -- Andreas Henriksson Sun, 17 Aug 2014 10:45:27 +0200 libarchive (3.1.2-8) unstable; urgency=medium [ Michael Terry ] * Fix DEP8 minitar test to use application/gzip (Closes: #731962) [ Daniel Schepler ] * Implement DEB_BUILD_OPTIONS=nocheck (Closes: #738159) -- Andreas Henriksson Wed, 12 Feb 2014 22:53:33 +0100 libarchive (3.1.2-7) unstable; urgency=low * Upload to unstable. -- Andres Mejia Sat, 25 May 2013 16:07:06 -0400 libarchive (3.1.2-6) experimental; urgency=low [ Andreas Henriksson ] * Merge debian-wheezy branch containing package revision 3.0.4-3. [ Andres Mejia ] * Remove gbp config overrides. * Remove lrzip build dependency as test cases fail on certain architectures. -- Andres Mejia Tue, 07 May 2013 21:44:50 -0400 libarchive (3.1.2-5) experimental; urgency=low * Update patch to fix LZO test cases to use changes from upstream. * Update homepage field for new homepage URL. * Add upstream changes to fix building libarchive with lrzip support. -- Andres Mejia Sun, 24 Feb 2013 16:44:32 -0500 libarchive (3.1.2-4) experimental; urgency=low * Add mtree filename length fix from upstream. * Add fix for LZO test cases. * Renable LZO support. * Bump Standards-Version to 3.9.4. -- Andres Mejia Sat, 23 Feb 2013 23:44:26 -0500 libarchive (3.1.2-3) experimental; urgency=low * Update gbp.conf to point to branches used for libarchive packaging in experimental. * Disable LZO support, it is broken on some architectures. -- Andres Mejia Sun, 10 Feb 2013 12:43:35 -0500 libarchive (3.1.2-2) experimental; urgency=low * Update patches to use changes applied upstream. -- Andres Mejia Sat, 09 Feb 2013 15:13:20 -0500 libarchive (3.1.2-1) experimental; urgency=low * New upstream release. * Enable LZO support. -- Andres Mejia Sat, 09 Feb 2013 13:37:34 -0500 libarchive (3.1.1-1) experimental; urgency=low * New upstream release. -- Andres Mejia Wed, 16 Jan 2013 17:06:36 -0500 libarchive (3.1.0-1) experimental; urgency=low [ Benjamin Drung ] * Add autopkgtest (LP: #1073390). [ Martin Pitt ] * Add examples-offset-type.patch: Fix offset data type in examples. [ Andres Mejia ] * New upstream release. -- Andres Mejia Sun, 13 Jan 2013 22:00:14 -0500 libarchive (3.0.4-3) unstable; urgency=low * Add patch that fixes CVE-2013-0211. (Closes: #703957) -- Andreas Henriksson Wed, 27 Mar 2013 16:20:36 +0100 libarchive (3.0.4-2) unstable; urgency=low * Add debian/patches/gcc-4.7-fixes-from-upstream.patch (Closes: #674368, #672690) -- Andreas Henriksson Thu, 24 May 2012 14:49:41 +0200 libarchive (3.0.4-1) unstable; urgency=low * New upstream release. * Patches removed, applied upstream. -- Andres Mejia Thu, 29 Mar 2012 09:44:15 -0400 libarchive (3.0.3-7) unstable; urgency=low * Allow the dev package to be multi-arch installable. * Set verbosity level to 1 for test programs. This incorporates upstream commit 7cd65cd07cfa2693455d174049b4887434041695. (Closes: #662716) * Fixup package description about ISO support. (Closes: #659651) -- Andres Mejia Fri, 16 Mar 2012 16:21:21 -0400 libarchive (3.0.3-6) unstable; urgency=low * Add patch to fix infinite loop in xps files (Closes: #662603) - Thanks for the patch to Savvas Radevic! -- Andreas Henriksson Mon, 05 Mar 2012 16:23:05 +0100 libarchive (3.0.3-5) unstable; urgency=low * Detect if locales or locales-all is installed for use with test suite. * Bump Standards-Version to 3.9.3. -- Andres Mejia Thu, 23 Feb 2012 19:29:24 -0500 libarchive (3.0.3-4) unstable; urgency=low * Ensure tests are not run via root. (Closes: #659294) -- Andres Mejia Tue, 21 Feb 2012 16:01:26 -0500 libarchive (3.0.3-3) unstable; urgency=low * Update watch file to use new home for downloads. -- Andres Mejia Mon, 06 Feb 2012 17:04:34 -0500 libarchive (3.0.3-2) unstable; urgency=low * Upload to unstable. * Update homepage to libarchive's new home. -- Andres Mejia Mon, 06 Feb 2012 16:37:07 -0500 libarchive (3.0.3-1) experimental; urgency=low * New upstream release. * Fix for hurd build failure included in new release. (Closes: #653458) * Update copyright file. -- Andres Mejia Mon, 16 Jan 2012 11:49:46 -0500 libarchive (3.0.2-3) experimental; urgency=low * Prepare an upload to experimental. -- Andres Mejia Sat, 24 Dec 2011 20:39:17 -0500 libarchive (3.0.2-1) unstable; urgency=low * Prepare new upstream release. * Update package descriptions, deleting some information that doesn't apply to current build of packages. * Rename shared library package for soname bump. * Remove symbols files. Symbols file needs to be maintained better. Also, numerous symbols were in the file which were meant to stay private (all the __archive_* symbols for example). -- Andres Mejia Sat, 24 Dec 2011 15:47:39 -0500 libarchive (3.0.1b-1) experimental; urgency=low * Package latest testing release. * Update debian/control, noting new 7zip support. * Fix package description for bsdcpio. * Update symbols file for new symbols added in libarchive-3.0.1b. -- Andres Mejia Fri, 16 Dec 2011 17:28:03 -0500 libarchive (3.0.0a-1) experimental; urgency=low * Package testing release of libarchive for experimental. * Better ext2 file attribute/flag support included in new release. (Closes: #615875) * Remove all patches, applied in upstream source. * Add option to unapply patches for dpkg-source v3. * Change package name libarchive1 to libarchive11 to match soname bump. * Rename files used in packaging libarchive11. * Build depend on Nettle library. * Add mention of rar support in package description. * Remove installation of symlink for libarchive library file. * Explicitely build without openssl and with nettle support. * Add proper depends to new libarchive11 package. * Update symbols file for libarchive11. * Ensure bsdtar and bsdcpio are linked to shared library dynamically. * Build en_US.UTF-8 locale at runtime to pass test suite. -- Andres Mejia Fri, 16 Dec 2011 16:31:37 -0500 libarchive (2.8.5-5) unstable; urgency=medium * Backport fixes for fix for CVE-2011-1777 and CVE-2011-1778. (Closes: #651844) * Fix build failure for GNU/Hurd. (Closes: #651995) * Regenerate autoreconf patch. -- Andres Mejia Wed, 14 Dec 2011 12:18:31 -0500 libarchive (2.8.5-4) unstable; urgency=low [ Andres Mejia ] * Improve each packages' long description. * Refresh all patches. [ Samuel Thibault ] * Skip libacl1-dev build dependency on hurd (Closes: #645403) [ Andreas Henriksson ] * Add 0009-Patch-from-upstream-rev-3751.patch (Closes: #641265) + Thanks to Michael Cree for figuring out the details. -- Andres Mejia Sun, 11 Dec 2011 21:55:59 -0500 libarchive (2.8.5-3) unstable; urgency=low * Fix upgrade breakage because of manpages being moved from libarchive1 to libarchive-dev. (Closes: #641978) * Make short descriptions for packages unique. * Explicitly set config options to be used during builds. -- Andres Mejia Sun, 18 Sep 2011 10:25:34 -0400 libarchive (2.8.5-2) unstable; urgency=low * Add gbp.conf to enable pristine-tar to true by default. * Add myself to uploaders field. * Add default options to fail on any upstream changes during a build. * Bump Standards-Version to 3.9.2. * Remove duplicate "Section" field. * Remove unnecessary use of *.dirs dh files. * Remove unneeded build-deps. * Provide patch that implements changes made after running autoreconf -vif. * Remove generic comments from debian/rules. * Support parallel builds. * Remove commented lines from install file. * Add docs to all packages except the shared library package. * Remove unneeded use of 'debian/tmp' in path for install files. * Provide different mechanism to install symlink for libarchive1 package. * Move all manpages for libarchive1 to libarchive-dev. * Move libarchive-dev control stanza up. This will make libarchive-dev the default package for installing files into, such as the README.Debian. * Convert libarchive into multiarch library package. * Update Vcs-* entries. -- Andres Mejia Sat, 17 Sep 2011 18:50:11 -0400 libarchive (2.8.5-1) unstable; urgency=low * Add 0010-Patch-from-upstream-rev-2811.patch * Drop "update-patch-series" target from debian/rules * Convert package to dh7 * Imported Upstream version 2.8.5 (Closes: #640524) * Rebase patch queue and drop patches merged upstream - dropped 0003-Patch-from-upstream-rev-2516.patch - dropped 0010-Patch-from-upstream-rev-2811.patch -- Andreas Henriksson Mon, 05 Sep 2011 17:35:36 +0200 libarchive (2.8.4-2) unstable; urgency=low * update-patch-series: + replace local patch with upstream commit. (Rebase patches branch to drop commit/patch "0007-Ignore-ENOSYS-error-when-sett...", in favor of upstream revision 2537 added as "0007-Patch-from-upstream-rev-2537.patch") + add 0008-Patch-from-upstream-rev-2888.patch (Closes: #610079) + add 0009-Patch-from-upstream-rev-2940.patch (Closes: #610783) -- Andreas Henriksson Tue, 09 Aug 2011 13:39:10 +0200 libarchive (2.8.4-1) unstable; urgency=low * Update debian/watch for new code.google.com layout. * update patch series: + added 0003-Patch-from-upstream-rev-2516.patch - Compatibility with WinISO generated iso files (Closes: #587513) + added 0004-Patch-from-upstream-rev-2514.patch + added 0005-Patch-from-upstream-rev-2520.patch - Enable version stripping code in iso9660/joliet (Closes: #587316) * Imported Upstream version 2.8.4 * update-patch-series: + added 0006-Patch-from-upstream-rev-2521.patch + added 0007-Ignore-ENOSYS-error-when-sett... (Closes: #588925) - Big thanks to Modestas Vainius for awesome debugging! -- Andreas Henriksson Thu, 15 Jul 2010 14:45:06 +0200 libarchive (2.8.3-1) unstable; urgency=low * Imported Upstream version 2.8.3 * update-patch-series: 0001-Clear-archive_error_number-in-archiv... - gvfs has been fixed since, workaround not needed anymore. -- Andreas Henriksson Fri, 23 Apr 2010 13:25:33 +0200 libarchive (2.8.0-2) unstable; urgency=low * Clean up libarchive.la file. (Closes: #571468) - Thanks to Sune Vuorela for suggesting this fix. * Update patch series: + added two patches matching revision 1990, 1991 from upstream regarding PATH_MAX hopefully fixing build on Hurd. -- Andreas Henriksson Thu, 25 Feb 2010 22:31:13 +0100 libarchive (2.8.0-1) unstable; urgency=low * Set myself as maintainer (Closes: #570539). + co-maintainers welcome! * Imported Upstream version 2.8.0 (Closes: #559158) * Drop debian revision in symbols file. * Updated symbols for 2.8 * Update rules for new build directory (config.aux -> build/autoconf) * Replace ${Source-Version} with ${source:Version} in control file. * Drop debian/shlibs.local.ex * Bump debhelper compatibility level to 5. * Stop trying to install non-existant usr/share/pkgconfig * Update Vcs fields to point to new collab-maint repository. * Update debian/copyright * Bump Standards-Version to 3.8.4 * Add update-patch-series target in debian/rules. * Added patch to fix gvfsd-archive problems: + 0001-Clear-archive_error_number-in-archive_clear_error.patch (from http://bugs.gentoo.org/show_bug.cgi?id=289260#c1 ) * Switch to dpkg-source 3.0 (quilt) format * Split Build-Depends on multiple lines. * Add liblzma-dev to Build-Depends for lzma support. * Add Build-Depends on libxml2-dev for xar support. * Explicitly give --without-openssl to configure. -- Andreas Henriksson Tue, 23 Feb 2010 20:50:25 +0100 libarchive (2.6.2-2) unstable; urgency=low * Orphaning the package; set maintainer to QA group. -- John Goerzen Fri, 19 Feb 2010 11:23:14 -0600 libarchive (2.6.2-1) unstable; urgency=low * New Upstream Version. Closes: #516577. * Update watch file to new homepage. Closes: #517398. -- John Goerzen Thu, 12 Mar 2009 09:32:31 -0500 libarchive (2.6.1-1) unstable; urgency=low * New Upstream Version * Update homepage. Closes: #514835. * Clean up Debian rules. Patch partially from Bernhard R. Link. Closes: #480495. -- John Goerzen Thu, 19 Feb 2009 09:28:57 -0600 libarchive (2.4.17-2) unstable; urgency=high [ John Goerzen ] * Ignore failures in test suite due to bugs in the testsuite that were turning into FTBFS bugs. Closes: #474400. * Added README.Debian documenting need for largefile suport in sources. Mostly used suggested text found in #479728. Closes: #479728. [ Bernhard R. Link ] * Added symbols file for libarchive. Closes: #476516. -- John Goerzen Thu, 05 Jun 2008 15:42:57 -0500 libarchive (2.4.17-1) unstable; urgency=high * New Upstream Version * This upstream version corrected several problems with the testsuite. Therefore, we can now run test suite after build. Closes: #473221. * uudecode is now used as part of the build. Added build-dep on sharutils. Fixes FTBFS. Closes: #473266. -- John Goerzen Thu, 03 Apr 2008 09:25:04 -0500 libarchive (2.4.14-1) unstable; urgency=high * New upstream release. Closes: #465061, #448292. #465061 is grave bug, so setting urgency high. * Added Vcs-* and Homepage lines to debian/control -- John Goerzen Sat, 29 Mar 2008 10:14:21 -0500 libarchive (2.4.11-1) unstable; urgency=low * New upstream version. * Move bsdtar to section utils. Closes: #460988. * Added bsdcpio package due to new upstream cpio command. -- John Goerzen Mon, 21 Jan 2008 10:02:29 -0600 libarchive (2.2.4-1) unstable; urgency=high * New upstream version with security fixes. Closes: #432924. Fixes: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 -- John Goerzen Fri, 13 Jul 2007 08:14:00 -0500 libarchive (2.2.3-1) unstable; urgency=low * New upstream version. -- John Goerzen Wed, 06 Jun 2007 03:36:35 -0500 libarchive (2.0.25-3) unstable; urgency=low * SONAME should not be tied to the tarball version string (Closes: #418637) Provide libarchive.so.1 as a backwards-compatible symlink to libarchive.so.2, reverting the package name to libarchive1. Patch from Neil Williams. -- John Goerzen Mon, 16 Apr 2007 13:50:29 +0100 libarchive (2.0.25-2) unstable; urgency=low * Remove build-dep on linux-kernel-headers for compatibility with BSD ports. Closes: #377480. -- John Goerzen Tue, 13 Mar 2007 20:03:37 -0500 libarchive (2.0.25-1) unstable; urgency=low * New upstream version * Remove unnecessary dep on libarchive1. Closes: #396756. * Bump standards-version * Rename libarchive1 to libarchive2 to match new soname. -- John Goerzen Tue, 13 Mar 2007 07:03:53 -0500 libarchive (1.3.1-1) unstable; urgency=high * New upstream release. * Applied FreeBSD patch for potential DoS. This is CVS-2006-5680, FreeBSD SA-06:24. -- John Goerzen Mon, 18 Dec 2006 05:51:08 -0600 libarchive (1.2.53-2) unstable; urgency=low * Added build-dep on bison. Closes: #374200. -- John Goerzen Sat, 17 Jun 2006 17:24:44 -0500 libarchive (1.2.53-1) unstable; urgency=low * New upstream version. * The bsdtar program has been integrated into the libarchive source package upstream. This package, therefore, now generates the bsdtar binary package. -- John Goerzen Sat, 17 Jun 2006 10:44:05 -0500 libarchive (1.02.036-2) unstable; urgency=low * Added conflict on old libarchive-doc package. This package never existed in testing or stable, so this conflict can be removed before long. -- John Goerzen Tue, 18 Oct 2005 11:02:06 -0500 libarchive (1.02.036-1) unstable; urgency=low * New upstream version, now with support for building as a .so. * Added build-dep on libattr1-dev. * No more libarchive-doc; its files now live in libarchive1. * Thanks to Bernhard R. Link for ideas for this package. -- John Goerzen Mon, 17 Oct 2005 10:27:30 -0500 libarchive (1.02.034-2) unstable; urgency=low * Split off manpages into separate package libarchive-doc. The bsdtar manpages point readers to these. -- John Goerzen Tue, 11 Oct 2005 05:36:28 -0500 libarchive (1.02.034-1) unstable; urgency=low * Initial release Closes: #333222. -- John Goerzen Mon, 10 Oct 2005 19:24:56 -0500